Apple ID password compromised – 2FA rescued – What next

apple-idhackingSecurity

I have a Mac, iPhone and an iPad. I use my Gmail account for the Apple ID and one day, I received a notification on my phone that someone is trying to login with my gmail account. The two factor authentication message popped up and I chose Do not allow. So, it didn’t even come up with the 6 digit code (2FA is fantastic!).

I then later changed my Apple ID password to something long, complicated and to something which I don’t use anywhere else (nor used in the past).

The whole thing happened because I had reused a password (bad, I know and it is my mistake).

Now, when I login to the appleid page, I see only these three devices (MacBook, iPad and iPhone) and nothing else.

  • Does this mean that my account is now safe?
  • Is there an activity page to see where my Apple ID is being used?
  • Should I now go about resetting the passwords which are part of the keychain?

Please advise.

Best Answer

You can ask for account data on https://privacy.apple.com and see if there is any active login. I don't remember if successful are counted only, or all.

Uncheck all irrelevant boxes and you'll soon get the email about data availability.

  • Your Apple ID account details and sign-in records.
  • Records of your Apple retail store and support transactions.

etc can be accessed. Source

Related write-ups

Personal notes:

A failed 2FA is an indicator of failed login, thus as far as I can think, no other device has the login. Only trusted devices can log-in directly without 2FA code. If either your trusted devices or trusted phone numbers are physically captured, they can be used to log-in. Keychain items are visible only on devices, not on web. For iOS, in Settings > Passwords & Accounts > Website & App Passwords. For Mac, in Keychain access.

https://support.apple.com/en-us/HT203783#stored

Related Question